Web services

SOAP vs REST

SOAP sample

URL

http://api.xxx.com/services/add?WSDL

Request

<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:q0="http://webservice.test.com"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <q0:add>
      <q0:a>10</q0:a>
      <q0:b>20</q0:b>
    </q0:add>
  </soapenv:Body>
</soapenv:Envelope>

Response

<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <addResponse xmlns="http://webservice.test.com">
      <addReturn>30</addReturn>
    </addResponse>
  </soapenv:Body>
</soapenv:Envelope>
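Added example (not part of the original notes): a minimal standard-library client for the add operation above. It builds the request envelope, extracts addReturn from the response by namespace, and refuses any response that carries a DTD, since a SOAP reply never needs one and internal entity expansion is the usual parser DoS. The endpoint URL (the page only shows the ?WSDL URL), the empty SOAPAction value and the sample response bytes are assumptions constructed for the example.

```python
# Added example, not code from the original notes. Endpoint and SOAPAction are assumed.
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://webservice.test.com"
ENDPOINT = "http://api.xxx.com/services/add"  # assumed; the notes only show ...add?WSDL


def build_add_request(a: int, b: int) -> bytes:
    """Return the SOAP 1.1 envelope for add(a, b), matching the request shown above."""
    # int() guarantees numeric operands, so nothing can be injected into the XML;
    # escape() is kept so the same pattern stays safe for string-typed operations.
    body = (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:q0="{SVC_NS}">'
        "<soapenv:Body>"
        f"<q0:add><q0:a>{escape(str(int(a)))}</q0:a>"
        f"<q0:b>{escape(str(int(b)))}</q0:b></q0:add>"
        "</soapenv:Body></soapenv:Envelope>"
    )
    return body.encode("utf-8")


def parse_add_response(xml_bytes: bytes) -> int:
    """Extract addReturn from the response envelope, rejecting DTD-bearing documents."""
    # ElementTree does not fetch external entities, but it does expand internal
    # ones, so a DOCTYPE still enables entity-expansion DoS. Reject it outright.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in SOAP response rejected")
    root = ET.fromstring(xml_bytes)
    node = root.find(f"{{{SOAP_NS}}}Body/{{{SVC_NS}}}addResponse/{{{SVC_NS}}}addReturn")
    if node is None or node.text is None:
        fault = root.find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
        raise ValueError("SOAP Fault returned" if fault is not None else "addReturn missing")
    return int(node.text)


def call_add(a: int, b: int, endpoint: str = ENDPOINT, timeout: float = 10.0) -> int:
    """POST the envelope and return the parsed result (needs network; not exercised offline)."""
    req = urllib.request.Request(
        endpoint,
        data=build_add_request(a, b),
        headers={"Content-Type": "text/xml; charset=utf-8", "SOAPAction": '""'},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_add_response(resp.read())


# Constructed sample response, same structure as the one shown above.
SAMPLE_RESPONSE = b"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <addResponse xmlns="http://webservice.test.com">
      <addReturn>30</addReturn>
    </addResponse>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(build_add_request(10, 20).decode())
    print(parse_add_response(SAMPLE_RESPONSE))  # 30
```

The namespace-qualified find() is deliberate: matching on the bare tag name addReturn would also accept an element from an unexpected namespace, which is how "confused deputy" parsing bugs start in SOAP stacks.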

★RESTful API Specification

・RAML (RESTful API Modeling Language)

・OAS (OpenAPI Specification, formerly Swagger)

・API Blueprint

YAML format (RAML example)

#%RAML 1.0
title: Employees API
baseUri: http://example.com/api/{version}
version: v1

/employees:
  get:
    description: Retrieve a list of all employees
    responses:
      200:
        body:
          application/json:
            example: |
              {
                "firstName" : "John",
                "lastName" : "Smith"
              }
  post:
    body:
      application/json:
        example: |
          {
            "firstName" : "John",
            "lastName" : "Smith"
          }
  /{employeeID}:
    put:
      body:
        application/json:
          example: |
            {
              "firstName" : "John",
              "lastName" : "Smith"
            }
    delete:
      responses:
        204:
          description: The delete request has been successfully executed.

REST sample

URL

http://api.xxx.com/services/add?first=10&second=20&output=json&key=yourkey

Response

{
  "results": 30,
  "status": "SUCCESS"
}

URL

http://api.xxx.com/services/add?first=10&second=20&output=xml&key=yourkey

Response

<ResultResponse>
  <results>30</results>
  <status>SUCCESS</status>
</ResultResponse>

★Representation formats of RESTful resources

1. HTTP header (content negotiation)

GET /user/123 HTTP/1.1
Accept: application/xml   or   Accept: application/json

2. Extension

/user/123.xml   or   /user/123.json

3. Query parameter

/user/123?format=xml   or   /user/123?format=json
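Added example (not part of the original notes) of resolving the representation from all three mechanisms above in one place. It goes beyond the single values shown in the text by honouring Accept q-values and wildcards, stripping the extension so routing sees the bare resource, and answering 406 when a client's Accept header matches nothing. The precedence (query parameter, then extension, then Accept) and the JSON default are design choices assumed here.

```python
# Added example, not code from the original notes. Precedence and default are assumed.
from urllib.parse import parse_qs, urlsplit

SUPPORTED = {"json": "application/json", "xml": "application/xml"}


def _parse_accept(header: str):
    """Return (media_type, q) pairs from an Accept header, highest q first."""
    items = []
    for part in header.split(","):
        part = part.strip()
        if not part:
            continue
        media, *params = [p.strip() for p in part.split(";")]
        q = 1.0
        for p in params:
            if p.startswith("q="):
                try:
                    q = float(p[2:])
                except ValueError:
                    q = 0.0  # malformed q-value: treat the entry as not acceptable
        items.append((media.lower(), q))
    # stable sort keeps the client's own ordering among equal q values
    return sorted(items, key=lambda t: -t[1])


def negotiate(request_target: str, accept: str = "", default: str = "json"):
    """Return (resource_path, media_type); raise LookupError when nothing is acceptable."""
    parts = urlsplit(request_target)
    path, query = parts.path, parse_qs(parts.query)

    # 3. query parameter: /user/123?format=xml (explicit, so it wins)
    fmt = query.get("format", [None])[0]
    if fmt is not None:
        if fmt not in SUPPORTED:
            raise LookupError(f"unsupported format parameter: {fmt}")
        return path, SUPPORTED[fmt]

    # 2. extension: /user/123.xml (strip it so the router sees /user/123)
    base, dot, ext = path.rpartition(".")
    if dot and "/" not in ext and ext in SUPPORTED:
        return base, SUPPORTED[ext]

    # 1. Accept header: honour q-values and wildcards; 406 if nothing matches
    for media, q in _parse_accept(accept):
        if q <= 0:
            continue
        if media in ("*/*", "application/*"):
            return path, SUPPORTED[default]
        if media in SUPPORTED.values():
            return path, media
    if accept.strip():
        raise LookupError("406 Not Acceptable")
    return path, SUPPORTED[default]


if __name__ == "__main__":
    print(negotiate("/user/123?format=xml"))
    print(negotiate("/user/123.json", "application/xml"))
    print(negotiate("/user/123", "application/xml;q=0.5, application/json"))
```

Whatever mechanism wins, the response must carry the matching Content-Type; with X-Content-Type-Options: nosniff (see the design notes below) a mismatch is a hard failure in the browser rather than something it quietly guesses around.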

★Client-side access tool

http://code.google.com/p/rest-client/

★Testing from the shell

test.sh

#!/usr/bin/env bash
# Fire 20 create requests at the comment endpoint, spreading them over postId 1..3.
# Brace expansion ({1..20}) and $RANDOM are bash features: run with bash, not sh.
base=http://localhost:8080/rest

for i in {1..20}; do
  curl -i -H "Accept: application/json" -X PUT \
    "$base/api/comment/create?author=Author$i&content=Content$i&postId=$((RANDOM % 3 + 1))"
done

★Representation of RESTful API

http://swagger.io/

★Framework for REST testing

rest-assured

https://github.com/jayway/rest-assured/wiki/Usage

★Design notes

Check access permissions between resources: on a nested path, verify every link of the chain (ResourceA belongs to the caller, ResourceB belongs to that ResourceA, ResourceC belongs to that ResourceB), not just the leaf ID

/ResourceA/<ResourceA Id>/ResourceB/<ResourceB Id>/ResourceC/<ResourceC Id>
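Added example (not part of the original notes) of the chain check above, next to the shortcut it guards against. The resource names (projects, documents, comments), the in-memory tables and the users alice and bob are constructed sample data; the hierarchy list and the Forbidden exception are assumptions for the example.

```python
# Added example, not code from the original notes. Tables, users and names are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Record:
    id: str
    parent_id: Optional[str]  # owning user for a root resource, parent resource otherwise


# Constructed data: projects belong to users, documents to projects, comments to documents.
TABLES: Dict[str, Dict[str, Record]] = {
    "projects":  {"p1": Record("p1", "alice"), "p2": Record("p2", "bob")},
    "documents": {"d1": Record("d1", "p1"), "d2": Record("d2", "p2")},
    "comments":  {"c1": Record("c1", "d1"), "c2": Record("c2", "d2")},
}
# Allowed nesting, root first; the order itself is part of the policy.
HIERARCHY: List[str] = ["projects", "documents", "comments"]


class Forbidden(Exception):
    pass


def authorize_path(user: str, path: str) -> Record:
    """Return the leaf record iff every segment is owned by the segment before it."""
    segs = [s for s in path.split("/") if s]
    if not segs or len(segs) % 2:
        raise Forbidden("malformed resource path")
    pairs = list(zip(segs[0::2], segs[1::2]))
    if [name for name, _ in pairs] != HIERARCHY[: len(pairs)]:
        raise Forbidden("path does not follow the resource hierarchy")
    owner = user
    record: Optional[Record] = None
    for name, rid in pairs:
        record = TABLES[name].get(rid)
        # One response for "does not exist" and "not yours": no existence oracle.
        if record is None or record.parent_id != owner:
            raise Forbidden("no access to %s/%s" % (name, rid))
        owner = rid  # the next level must belong to this record
    return record


def endpoints_only_check(user: str, path: str) -> Record:
    """The shortcut this section warns about: root and leaf are checked, the middle is not."""
    segs = [s for s in path.split("/") if s]
    root = TABLES[segs[0]].get(segs[1])
    leaf = TABLES[segs[-2]].get(segs[-1])
    if root is None or root.parent_id != user or leaf is None or leaf.parent_id != segs[-3]:
        raise Forbidden("no access")
    return leaf  # nobody asked whether documents/d2 belongs to projects/p1


if __name__ == "__main__":
    crafted = "/projects/p1/documents/d2/comments/c2"  # alice's project, bob's document
    print(endpoints_only_check("alice", crafted))      # passes: leaf c2 really is under d2
    try:
        authorize_path("alice", crafted)
    except Forbidden as e:
        print("chain check:", e)                       # fails at documents/d2
```

The crafted path in the demo is the classic IDOR shape: every individual ID is valid, the leaf genuinely belongs to its stated parent, and only the link between the caller's project and someone else's document is wrong. Checking that link is what the note above is asking for.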

Security Headers

Do not allow the response to be displayed inside an HTML frame (clickjacking)

X-Frame-Options: DENY

Make the browser honour the declared Content-Type strictly (no MIME sniffing; this also requires every response to carry a correct Content-Type)

X-Content-Type-Options: nosniff

XSS prevention (legacy: the browser XSS auditor this header controls has been removed from current Chromium-based browsers and was never implemented in Firefox; a Content-Security-Policy is the current control)

X-XSS-Protection: 1; mode=block

Force HTTPS (send only once HTTPS already works on every subdomain; preload is effectively permanent)

Strict-Transport-Security: max-age=<seconds>; includeSubDomains; preload

Use unguessable identifiers such as UUIDs as IDs (this prevents enumeration, but is not a substitute for the per-resource permission check above)

/users/<USER ID>

Limit the number of API calls per client (rate limiting keyed on the API key or authenticated identity, answering 429 Too Many Requests when the limit is exceeded)
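Added example (not part of the original notes) that puts the last two design notes into one framework-independent wrapper: every response leaves with the header set listed above, and a per-client token bucket runs before the handler so that a client over its budget gets 429 without touching the backend. The header values, the bucket sizes, the injectable clock and the plain-dict request/response shape are assumptions for illustration, not any particular framework's API.

```python
# Added example, not code from the original notes. Header values and limits are assumed.
import time
from typing import Callable, Dict, Tuple

Request = Dict[str, str]                  # e.g. {"client": "<api key or ip>", "path": "/users/..."}
Response = Tuple[int, Dict[str, str], bytes]

SECURITY_HEADERS = {
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",  # legacy; kept for old browsers, CSP is the real control
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",  # modern DENY
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",  # add preload once committed
    "Cache-Control": "no-store",          # API responses usually hold per-user data
}


class TokenBucket:
    """Allow `capacity` requests in a burst, refilled at `rate` tokens per second."""

    def __init__(self, capacity: int, rate: float, clock: Callable[[], float] = time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.tokens, self.updated = float(capacity), clock()

    def allow(self) -> bool:
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Hardened:
    """Wrap a handler: rate-limit per client key, then stamp the security headers."""

    def __init__(self, handler: Callable[[Request], Response], capacity: int = 5,
                 rate: float = 1.0, clock: Callable[[], float] = time.monotonic):
        self.handler, self.capacity, self.rate, self.clock = handler, capacity, rate, clock
        self.buckets: Dict[str, TokenBucket] = {}

    def __call__(self, request: Request) -> Response:
        # Key on the API key / authenticated identity; a source IP is only a weak fallback.
        key = request.get("client", "anonymous")
        bucket = self.buckets.setdefault(key, TokenBucket(self.capacity, self.rate, self.clock))
        if bucket.allow():
            status, headers, body = self.handler(request)
        else:
            status, headers, body = 429, {"Retry-After": "1"}, b'{"status":"RATE_LIMITED"}'
        merged = dict(headers)
        merged.update(SECURITY_HEADERS)            # the wrapper's values win over the handler's
        merged.setdefault("Content-Type", "application/json")  # nosniff needs an explicit type
        return status, merged, body


def users_handler(request: Request) -> Response:
    """Constructed stand-in for a real /users/<USER ID> handler."""
    return 200, {"Content-Type": "application/json"}, b'{"status":"SUCCESS"}'


if __name__ == "__main__":
    app = Hardened(users_handler, capacity=3, rate=1.0)
    for _ in range(4):
        status, headers, _body = app({"client": "yourkey", "path": "/users/abc"})
        print(status, headers["X-Frame-Options"], headers["Strict-Transport-Security"])
```

The bucket is per process; behind several workers or hosts the counters must live in shared storage (a Redis counter is the common choice) or every replica hands out its own full budget.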